[CentOS] FirewallD and FTP passive mode

Thu May 5 13:15:21 UTC 2016
Marcin Trendota <moonwolf.rh at gmail.com>

Howdy

I'm trying to run an FTP server behind a firewall, and I can't enable passive
mode from the Internet. There are plenty of howtos, but there aren't many
for my combination.

For now I have configured port forwarding and the FTP server itself.

On the router:
# firewall-cmd --list-all --zone=external
external (active)
  interfaces: enp3s1
  sources:
  services: openvpn ssh
  ports: 1194/tcp 2666/tcp 88/tcp
  masquerade: yes
  forward-ports: port=21:proto=tcp:toport=:toaddr=10.0.32.7
        port=10090-10100:proto=tcp:toport=:toaddr=10.0.32.7
        port=88:proto=tcp:toport=80:toaddr=10.0.32.23
  icmp-blocks:
  rich rules:

I also did:
# modprobe ip_conntrack_ftp ports=10090,10100


excerpt from vsftpd.conf on the FTP server:
pasv_enable=Yes
pasv_min_port=10090
pasv_max_port=10100
pasv_addr_resolve=Yes

From the LAN or through the VPN it works. But on the public address I can only
log in; I cannot enter passive mode:

Connected to ftp1.domain.com (xxx.xxx.xxx.xxx).
220 (vsFTPd 2.2.2)
Name (ftp1.domain.com:root): user
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls
227 Entering Passive Mode (10,0,32,7,39,111).
ftp: connect: Connection timed out

Also this IP looks weird - shouldn't it be the public IP?

What am I doing wrong?
TIA.

-- 
Over And Out
MoonWolf